Regulatory Compliance, Governance and Security:

May, 2009

Policies and Procedures: it's such a common theme and phrase in today's regulatory compliance and governance arena, so much so that I think it should have its own Wikipedia page. Developing these documents can be an arduous undertaking. Furthermore, policies and procedures are becoming...

The SAS 70 auditing standard looks to become a vital component of the proposed changes to the Investment Advisers Act of 1940. In short, the recent scandals and Ponzi schemes that resulted in the loss of billions of dollars for investors are receiving a wake-up call from the Securities and Exchange...

Payment Card Industry Data Security Standards (PCI DSS) Level 1 compliance can be a very arduous, time-consuming and costly undertaking for any organization. However, there are a number of proactive steps that should be put in place to help ensure an...

PCI DSS Requirement 2 is the second of the 12 PCI DSS requirements. What's important to note about PCI DSS Requirement 2 is that it deals largely with removing vendor-supplied default passwords before putting new system components on the network in the cardholder...

SAS 70 audits are being performed at a record pace these days on data centers, managed service providers and co-location entities. The big question is why? Well, there are many general answers that we all hear, such as "Oh, it's just today's compliance...

COSO is a widely used and accepted internal control framework in today's growing corporate governance initiatives. It also features heavily in Statement on Auditing Standards No. 70 (SAS 70) audits. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework essentially...

PCI DSS Self-Assessment Questionnaires are used by the large and growing number of merchants who must comply with the Payment Card Industry Data Security Standards (PCI DSS). In short, compliance can be obtained by conducting a "Self-Assessment". What's important to note, however, is that there...

Learn more about SAS 70 audits for data centers by reviewing the step-by-step SAS 70 audit process. From beginning to end, a number of steps, activities, and deliverables must be undertaken to ensure the audit is successful. From the...

About This Blog

IT faces a wave of regulatory compliance laws, legislation and mandates, such as Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley (GLBA), SAS 70 and PCI DSS, just to name a select few. How do you prepare, and what benchmarks and standards are used for these compliance audits? This blog will assess, analyze and dive into these topics and many more.